Luying Zhou, Huaqun Guo, Dong Li, Jianying Zhou, Jun Wen Wong
Venue: 2017 23rd Asia-Pacific Conference on Communications (APCC)
Publication date: 2017-12-11
DOI: 10.23919/APCC.2017.8304051 (https://doi.org/10.23919/APCC.2017.8304051)
A scheme for lightweight SCADA packet authentication
Development and deployment of cyber security measures for legacy SCADA systems usually encounter the challenge of limited computation resources in the field devices for supporting the designed cryptographic processing. This paper presents a scheme in which the field device performs message authentication and integrity checks only on selected critical packets, so that it protects system operation while avoiding a high computation workload, and applies the scheme to a transportation SCADA system. The proposed scheme takes into account the SCADA computation power limitations and real-time requirements, and the extreme difficulty of making any changes to hardware or software in the legacy system. AES-CCM and symmetric key methods are applied to provide message authentication and integrity, and a bump-in-the-wire (BITW) implementation approach is adopted to avoid changes to the legacy system. This lightweight packet authentication scheme is implemented and demonstrated on a testbed of a metro transportation SCADA system. Experiments show the effect of the scheme in blocking malicious packet attacks and a comparison with a firewall approach.